Skip to main content

Java Active Directory authentication

Authenticate users member of a specific group with the java naming library.

<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
<%@ page import="java.util.*" %>
<%@ page import="javax.naming.*"%>
<%@ page import="javax.naming.ldap.*"%>
<%@ page import="javax.naming.directory.*"%>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head><title>AD Authentication</title></head>
<body>
<%
request.setCharacterEncoding("utf-8");


String uname = request.getParameter("username");
String passwd = request.getParameter("password");
String ATTRIBUTE_FOR_USER = "sAMAccountName";
String returnedAtts[] ={ "sn", "givenName", "memberOf", "mail" };
String searchFilter = "(&(objectClass=user)(" + ATTRIBUTE_FOR_USER + "=" + uname + "))";


SearchControls searchCtls = new SearchControls();
searchCtls.setReturningAttributes(returnedAtts);


searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
String searchBase = "/** AD search base, eg: OU=ougroups, DC=blogger, DC=com */";
Hashtable<String, String> environment = new Hashtable<String, String>();
environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");


environment.put(Context.PROVIDER_URL, "/** ldap server and port, eg: ldap://7.7.7.7:389 */");
environment.put(Context.SECURITY_AUTHENTICATION, "simple");


environment.put(Context.SECURITY_PRINCIPAL, uname + "/** domain name, eg: @blogger.com */");
environment.put(Context.SECURITY_CREDENTIALS, passwd);
LdapContext ctxGC = null;


try
{
      ctxGC = new InitialLdapContext(environment, null);


      NamingEnumeration answer = ctxGC.search(searchBase, searchFilter, searchCtls);
      if (answer.hasMoreElements())
      {
            while (answer.hasMoreElements())
      {
            SearchResult sr = (SearchResult)answer.next();
            Attributes attrs = sr.getAttributes();
            if (attrs != null)
            {
             String s = attrs.get("memberOf").toString();
                out.println("Member Of = " + s);
                if (s.contains("/** AD group, eg: CN=grusers, OU=ougroups, DC=blogger, DC=com */"))
                {
                 out.println("OK user is member of the group");
                }  else
                 {
                 out.println("No user is not member of the group");
                 }
            } else
            {
             out.println("User has no attributes");
            }
      }
      } else
      {
      out.println("Search retrieve nothing");
      }
 }
catch (NamingException e)
{
      out.println("Just reporting error");
}
%>
</body>
</html>
Etiketler:

Comments

Post a Comment

Popular posts from this blog

Creating Multiple VLANs over Bonding Interfaces with Proper Routing on a Centos Linux Host

In this post, I am going to explain configuring multiple VLANs on a bond interface. First and foremost, I would like to describe the environment and give details of the infrastructure. The server has 4 Ethernet links to a layer 3 switch with names: enp3s0f0, enp3s0f1, enp4s0f0, enp4s0f1 There are two bond interfaces both configured as active-backup bond0, bond1 enp4s0f0 and enp4s0f1 interfaces are bonded as bond0. Bond0 is for making ssh connections and management only so corresponding switch ports are not configured in trunk mode. enp3s0f0 and enp3s0f1 interfaces are bonded as bond1. Bond1 is for data and corresponding switch ports are configured in trunk mode. Bond0 is the default gateway for the server and has IP address 10.1.10.11 Bond1 has three subinterfaces with VLAN 4, 36, 41. IP addresses are 10.1.3.11, 10.1.35.11, 10.1.40.11 respectively. Proper communication with other servers on the network we should use routing tables. There are three
Post a Comment
Read more

Listing Zimbra Accounts with Some Details

Recently I have to export the user list for a particular domain. Luckily Zimbra has Admin GUI with a search feature. When you search accounts, you can download search results as a comma-separated csv file. So I did a search and download the result file, but the result did not have all the columns I need and also there is no option for customizing columns for search results. So I had to write a bash script to get the desired list. Here is the bash script ( It can be customized by adding or removing field names. Run it under zimbra user like ./zimbra_account_list.sh <domain_name_here> ):
Post a Comment
Read more